Netherlands November 12th 2015
November 12th, 2015
- De Boelelaan 1105
- F647 6th floor, F-section
- 1081 HV Amsterdam
- see here for directions
- Pizza's and beverages are sponsored by
- 18:30 - 18:50 Registration & Pizzas
- 18:50 - 19:00 OWASP Netherland and Foundation Updates
- 19:00 - 20:00 '.. talking of Deep Web' - Marco Balduzzi and Vincenzo Ciancaglini
- 20:00 - 20:15 break
- 20:15 - 21:00 A FAIR approach to risk - Wim Remes
- 21:00 - 21:30 Networking
'.. talking of Deep Web'
A FAIR approach to risk
IT Risk Management has quickly evolved from something we did once or twice a year to a full time practice within organizations large and small. As more and more data becomes available and with the understanding that taking risk is essential to doing business, we are looking for new approaches to bring the technical and business components of risk together. FAIR (Factor Analysis of Information Risk) is a risk ontology that can help organizations in understanding, communicating, and addressing information risk at all levels. In this presentation we will explore FAIR as a tool for organizations and the value it brings to all players on the risk playing field.
Marco Balduzzi and Vincenzo Ciancaglini
Dr. Marco Balduzzi holds a PhD in applied IT security from Télécom ParisTech and a M.Sc. in computer engineering from the University of Bergamo. His interests concern all aspect of computer security, with particular emphasis on real problems that affect systems and networks. Some topics on which he has worked on are web and browser security, code analysis, botnets detection, cybercrime investigation, privacy and threats in social networks, malware, and intrusion detection systems. He has been involved in IT Security for more than 10 years with international experiences in both industrial and academic fields. He previously worked as a Security Consultant and Engineer for different companies, before joining the International Secure Systems Lab and then Trend Micro Research as Senior Research Scientist. His work has been published in top peer-reviewed conferences, e.g. NDSS, RAID and DIMVA, and he has spoke at major security conference like Black Hat, Hack In The Box, and OWASP AppSec. His applied research has been acknowledged and published by important media outlets such as Forbes, The Register, Slashdot, InfoWorld, and DarkReading. He is now part of the review board of different conferences, including OWASP AppSec Research, Hack In The Box, DIMVA and others.
Dr. Vincenzo Ciancaglini earned a M.Sc. in Telecommunications Engineering from the Politecnico of Turin and a M.Sc. in Electrical Engineering, Wireless Systems, from the Royal Institute of Technology in Stockholm, Sweden. For several years, he worked as a developer at a travel IT company in Sophia Antipolis, France. During this period, he also took part in the formation of a research and innovation lab within his company, where he was responsible for analysing new upcoming technologies and their potential business developments. From 2009-2013, he obtained his PhD from the National Research Institute in Automation and Computer Science (INRIA) in Sophia Antipolis, with a thesis about peer-to-peer networks interoperability and next-generation internet protocols. Since 2012, he has worked at Trend Micro as a research scientist within the Forward-Looking Threat Research team (FTR), a team distributed all over the world, responsible for performing technological scouting and investigation on cyber-criminal activities, and their potential development in the coming years. His duties on the team go from the development of new data analytics prototypes to identify targeted attacks to the research on new encrypted networks (Darkweb), ad also research on the Internet of Things (IoT).
As the Manager of Strategic Security Services for Rapid7 in EMEA, Wim Remes leverages his 15+ years of security leadership experience to advise clients on reducing their risk posture by solving complex security problems and by building resiliency into their organization. Wim delivers expert guidance on reducing the high cost of IT security failures, both financially and in terms of brand reputation combining his deep expertise in network security, identity management, policy design, risk assessment, and penetration testing to develop innovative approaches to enterprise security. Before joining the Rapid7 team, Wim was a Managing Consultant at IOActive and previously he has worked as a Manager of Information Security for Ernst and Young and a Security Consultant for Bull, where he gained valuable experience building security programs for enterprise class clients.
Wim has been engaged in various infosec community initiatives such as the co-development of the Penetration Testing Execution Standard (PTES), InfosecMentors, and organizing the BruCON security conference. Wim has been a featured speaker at international conferences such as Excaliburcon (China), Black Hat Europe, Source Boston, Source Barcelona and SecZone (Colombia). He was also a Member of the Board of Directors at (ISC)2 from 2012 until 2014 and Chairperson of that Board in 2014.